[Openvpn-devel] [PATCH] Windows: Set interface IPv6 prefix length when configuring address
Address prefix length defaults to /64 on Windows. This change allows using Windows clients in setups that use a different prefix length. Note: the ability to set the prefix length is documented in the netsh 'add address' command, but works on the 'set address' command as well. Signed-off-by: Eyal Birger --- src/openvpn/tun.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c index 25831ce..b2b4795 100644 --- a/src/openvpn/tun.c +++ b/src/openvpn/tun.c @@ -1561,15 +1561,16 @@ do_ifconfig(struct tuntap *tt, } else { -/* example: netsh interface ipv6 set address interface=42 2001:608:8003::d store=active */ +/* example: netsh interface ipv6 set address interface=42 2001:608:8003::d/64 store=active */ char iface[64]; openvpn_snprintf(iface, sizeof(iface), "interface=%lu", tt->adapter_index ); argv_printf(&argv, -"%s%sc interface ipv6 set address %s %s store=active", +"%s%sc interface ipv6 set address %s %s/%d store=active", get_win_sys_path(), NETSH_PATH_SUFFIX, iface, -ifconfig_ipv6_local ); +ifconfig_ipv6_local, +tt->netbits_ipv6); netsh_command(&argv, 4, M_FATAL); /* set ipv6 dns servers if any are specified */ netsh_set_dns6_servers(tt->options.dns6, tt->options.dns6_len, actual); -- 2.7.4 -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot ___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
Re: [Openvpn-devel] [PATCH 0/2] Make cryptoapicert work with TLS 1.2
2018-01-08 7:21 GMT+05:00 : > From: Selva Nair > > Hi, > > I am not sure how receptive the crypto maintaineres are to the > idea of adding more code into cryptoapi.c, but here goes: > > I've been wanting to add TLS 1.2 support for certs in the > Windows cert store using management external key. But that's > a lot more work than extending cryptoapicert support. And, > rather surprsingly, it turns out that the CNG API for signing is > easy to use (well after some groping in the dark..) and doesn't > take much to implement. > > So these patches.. > > The first patch is not really related and to make the existing code > "openssl-1.1 ready" (missed by past patches as no one probably builds > Windows binary with 1.1..). > there was an agreement on one of the recent community meetings to gracefully deprecate both libressl and openssl-1.0.X in favour of openssl-1.1.X so, we should learn how to build windows binary with 1.1.X :) > > The second patch is not dependent on this, but close-by code paths > are touched by both. > > Selva > > Selva Nair (2): > Bring cryptoapi.c upto speed with openssl 1.1 > TLS v1.2 support for cryptoapicert -- RSA only > > configure.ac | 1 + > src/openvpn/Makefile.am | 2 +- > src/openvpn/cryptoapi.c | 155 ++ > - > src/openvpn/openssl_compat.h | 14 > src/openvpn/options.c| 18 - > 5 files changed, 140 insertions(+), 50 deletions(-) > > -- > 2.1.4 > > > > -- > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > ___ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel > -- Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot___ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel